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DETAILED ACTION 

A request for continued examination under 37 CFR 1.114 was filed in this 
application after a decision by the Board of Patent Appeals and Interferences, but 
before the filing of a Notice of Appeal to the Court of Appeals for the Federal Circuit or 
the commencement of a civil action. Since this application is eligible for continued 
examination under 37 CFR 1.114 and the fee set forth in 37 CFR 1.17(e) has been 
timely paid, the appeal has been withdrawn pursuant to 37 CFR 1.114 and prosecution 
in this application has been reopened pursuant to 37 CFR 1.114. Applicant's 
submission filed on 4/2/10 has been entered. 

Claims 1-20 are pending. 

Response to Amendments and Arguments 

Applicant's amendments were fully considered. Applicant's arguments directed 
at the amended claims were also fully considered, but are not persuasive. Applicant 
states that applicant does not understand that Copeland teaches the new limitation 
amended onto the independent claims and that because of this Copeland teaches away 
from the new limitations. The examiner respectfully submits that Copeland does in fact 
teach the new limitations added by applicant. As such, Copeland cannot teach away 
from what he teaches are features of his invention. See further clarification below. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S. C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
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art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 1-20 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. 

1 . Claim 1 has bee amended to state that the mapped port assignment was created 
when an application registered a service provided by the application with said 
port mapper at the time said application was brought up. . . . There does not 
appear to be any written support in the application as originally filed for this 
limitation. While the examiner does see in the specification support for a service 
being registered, i.e. bound to a particular port (p15 of specification), there is no 
disclosure of the registering being done by the application that was brought up . 
Note that the application being brought up doing the registering further does not 
appear to be an inherent feature of applicant's invention as originally disclosed 
since some other application other than the one being brought up could have 
done the registering. For example, an application that was already brought up 
could monitor applications being brought up and register services for applications 
being brought up thereby creating a mapped port assignment. Claims 8 and 15 
recite similar limitations which also do not have written support in the 
specification as originally filed. 

2. Claims not specifically addressed are rejected due to dependency. 
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The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1-20 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

1 . Claims 1 , 8, and 15 each recites "said identified service", which lacks antecedent 
basis. 

2. Claims 8 and 15 each recites "said port binding information" which lacks 
antecedent basis. 

3. Claims not specifically addressed are rejected due to dependency. 

4. Applicant should fully review the claim set for any other informalities. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-14 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

1 . As per In re Bilski, 545 F3d 943, 88 USPQ2d 1385 (Fed. Cir. 2008), for a method 
claim to be statutory, the steps must either be tied to a particular machine or the 
steps must transform an article of manufacture. It is submitted that claim 1 as 
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written fails both the tests as set forth by In re Bilski as each of the steps could 
be performed by a human alone. For example, the access step could refer to a 
person reading port binding information which has been printed as a first list on 
paper or displayed on a monitor. Note that in the case that the first list is 
displayed on a monitor for the person to read, the displaying is an insignificant 
step as no particular machine is needed— any generic machine capable of 
displaying information would suffice, thus the machine used for displaying is an 
insignificant component to the steps of the method. The querying step also could 
refer to the same person reading information regarding which ports are currently 
being used by a service off a second list that is either printed on paper or 
displayed on a screen. The determining step could be accomplished by the 
person manually comparing both the aforementioned lists to see if there are any 
ports on the second list that are not on the first list. The initiating step could be 
accomplished by the person telling an administrator that a port was found on the 
second list that was not on the first list. 

2. Claims 2-7 are also not statutory because despite the further limitations recited 
therein, these limitations also fail the tests set for by In re Bilski. 

3. Claim 8 is directed towards a "network port map verification tool" comprising a 
port assignment file (which is non-functional descriptive material), and a port 
assignment file verifier, which could broadly, but reasonably be interpreted to be 
software per se (i.e. functional descriptive material per se). Because each of the 
elements claim 8 are merely descriptive material per se, claim 8 is not statutory 
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as descriptive material by itself does not fall within any of the four statutory 
categories of invention. Applicant can overcome this rejection by claiming some 
form of hardware as part of the claimed tool. 

4. Claim 9 describes a network the claimed tool of claim 8 is used with, however, 
does not add anything which requires the tool to be interpreted as anything other 
than descriptive materials per se. As such, claim 9 is also non-statutory. 

5. Claims 10-14 describes actions the tool of claim 8 is programmed to take. 
However, these limitations also do not add anything which requires the tool to be 
interpreted as anything more than descriptive materials per se, thus these claims 
are also not statutory. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

Claims 1-6, 8-11, 14-18, and 20 are rejected under 35 U.S.C. 102(a) as being 
anticipated by Copeland III (US 2002/0144156). 
Claim 1: 

Copeland discloses: 
1 . Accessing port binding information, which includes an identification and an 

authorized port of an authorized service, in a port authorization file in said 
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network (paragraphs 62-63 and 74). Stored "profile list" contains list of allowed 
protocols, operations, and ports. 

2. Querying a port mapper (i.e. seen today list) for a mapped port assignment, 
which was created when an application registered a service provided by the 
application with said port mapper at the time said application was brought up, 
said mapped port assignment includes a current port used by said registered 
service (paragraphs 64, 69-73, and 123). In each Mode, new services are 
automatically detected, including "current activities". This implies that if an 
application which was just brought up registers a service and a new port is 
mapped for that service, port profile engine 155 would detect the new mapped 
port assignment in the "seen today list". 

3. Determining if said identified service is currently using said authorized port by 
comparing said mapped port assignment to said port binding information 
(paragraphs 66, 88, 103, and 123). 

4. Initiating a response to said comparing (paragraphs 87 and 103). Alarm is raised 
if port in "seen today list" does not match authorized ports as specified in the 
stored port profile of allowed network services. 

Claim 8: 

Copeland discloses: 

1 . A port assignment file (i.e. "profile list") comprising a port authorization, which 
includes an authorized port of an authorized service, in said network (paragraphs 
62-63 and 74). 
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2. A port assignment file verifier (paragraphs 62 and 129; i.e. port profiling engine 
155), wherein said verifier is enabled to verify a port assignment against said port 
authorization (paragraphs 62) by, 

a. Querying a port mapper (i.e. seen today list) for a mapped port 
assignment, which was created when an application registered a service 
provided by the application with said port mapper at the time said 
application was brought up, said mapped port assignment includes a 
current port used by said registered service (paragraphs 64, 69-73, and 

1 23). In each Mode, new services are automatically detected, including 
"current activities". This implies that if an application which was just 
brought up registers a service and a new port is mapped for that service, 
port profile engine 155 would detect the new mapped port assignment in 
the "seen today list". 

b. Determining if said identified service is currently using said authorized port 
by comparing said mapped port assignment to said port binding 
information (paragraphs 66, 88, 103, and 123). 

c. Initiating a response to said comparing (paragraphs 87 and 103). Alarm is 
raised if port in "seen today list" does not match authorized ports as 
specified in the stored port profile of allowed network services. 

Claim 15: 

Copeland discloses: 
1 . A network server coupled to a network (paragraph 41 and Figures 1-2). 
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2. A network client communicatively coupled with said network server via a port 
(paragraph 41). 

3. A plurality of provisionable services (i.e. network services) enabled to 
communicate with said network server via a plurality of ports (paragraphs 45 and 
62). 

4. A port map verification tool (paragraphs 62 and 129; i.e. port profiling engine 
155) enabled to compare a port assignment to a port authorization, which 
includes an authorized port of an authorized service (paragraphs 62 and 132), in 
said network by, 

a. Querying a port mapper (i.e. seen today list) for a mapped port 
assignment, which was created when an application registered a service 
provided by the application with said port mapper at the time said 
application was brought up, said mapped port assignment includes a 
current port used by said registered service (paragraphs 64, 69-73, and 

1 23). In each Mode, new services are automatically detected, including 
"current activities". This implies that if an application which was just 
brought up registers a service and a new port is mapped for that service, 
port profile engine 155 would detect the new mapped port assignment in 
the "seen today list". 

b. Determining if said identified service is currently using said authorized port 
by comparing said mapped port assignment to said port binding 
information (paragraphs 66, 88, 103, and 123). 
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c. Initiating a response to said comparing (paragraphs 87 and 103). Alarm is 
raised if port in "seen today list" does not match authorized ports as 
specified in the stored port profile of allowed network services. 
Claims 2, 9, and 16: 

Copeland further discloses wherein said network comprises a utility data center, 
i.e. server (paragraphs 38-39). 
Claim 9: 

Claim 9 is also alternatively rejected for the same reasons given in claim 8. The 
wherein clause further recited in claim 9 does not appear to further limit the structure of 
the claimed network port map verification tool. Instead, the clause further defines the 
network, which is not a part of the claimed network port map verification tool. As such, 
the wherein clause further recited in claim 9 is not given patentable weight, see MPEP 
2111.04. 
Claim 3: 

Copeland further discloses wherein said mapped port assignment comprises 
static port binding data (paragraphs 44-45 and Fig 2, host data 166). 

Note that frequently used services are assigned fixed/static port numbers. The 
HTTP service, for example, is bound to static port 80. 
Claim 4: 

Copeland further discloses wherein said port authorization file comprises fixed 
port assignments (paragraphs 44-45 and 81 and Fig 2, host data 166). 
Claim 5: 
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Copeland further discloses wherein said port authorization file is generated upon 
network initialization (paragraph 74). 
Claims 10 and 17: 

Copeland further discloses wherein said network port map verification tool is 
further enabled to initiate a response, i.e. alarm, to a port assignment anomaly 
(paragraph 66). 
Claims 6, 11, and 18: 

Copeland further discloses wherein said response comprises an alarm 
(paragraph 66). 
Claims 14 and 20: 

Copeland further discloses wherein said network port map verification tool is 
enabled to operate in a remote procedure call environment (paragraph 61). 

A client-server environment is a remote procedure call environment since the 
server executes various procedures depending on remote requests received from the 
client. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 7, 12, and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable 
overCopeland III (US 2002/0144156) in view of Hrabik et al (US 6,988,208). 
Claims 7, 12, and 19: 

As per claim 7, Copeland does not explicitly disclose wherein said response 
comprises a system lockdown. However, this limitation is disclosed by Hrabik (col 7, 
lines 16-24). 

Both Copeland and Hrabik are concerned with computer and network security. 
At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill in the art of computer and network security to modify Copeland's invention 
according to the limitations recited in claim 7 as per Hrabik's teachings. One skilled 
would have been motivated to do so because a system lockdown in response to an 
intrusion detection would minimize the amount of damage an intruder can cause to the 
system. 

Claims 12 and 19 further recite a limitation substantially similar to what is recited 
in claim 7 and are rejected for much the same reasons discussed in claim 7. 



Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Copeland III (US 2002/0144156) in view of Nickles (US 6,134,591). 
Claim 13: 
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As per claim 13, Copeland does not explicitly disclose wherein said network port 
map verification tool is enabled to verify a digital signature related to said port 
authorization. However, Nickles discloses a security server enabled to verify a digital 
signature related to a access request (col 10, lines 10-38). Note that an access request 
to a server typically includes the port number a client wishes to access or be authorized 
to access, thus access authorization is related to port authorization. As such the digital 
signature taught by Nickles is related to port authorization. 

At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill in the art to modify Copeland's invention according to the limitations further 
recited in claim 13 by incorporating the digital signature verification functions of the 
security server disclosed by Nickles within the network port map verification tool of 
Copeland's invention. One of ordinary skill would have been motivated to do so 
because it would allow Copeland's invention to verify the identity of the person making a 
connection request. This would enhance the security of networks protected by 
Copeland's invention since unauthorized port access could be prevented rather than 
just detected. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is (571) 272- 
7962. The examiner can normally be reached on 9:00am-4:30pm Mon-Thurs. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Ponnoreay Pich/ 

Primary Examiner, Art Unit 2435 



